LoginSignup
4

More than 5 years have passed since last update.

WebベースのIPアドレス管理帳を作る

Last updated at Posted at 2017-01-25

目的

ファイル共有上のExcelシートで管理するの嫌だ。ブラウザでちょいちょいとやりたい。

環境

CentOS 7.1

インストール

ApacheとMariaDB

 # yum install mariadb httpd php mariadb-server php-pdo 

サービスを構成

 # systemctl start mariadb httpd
 # systemctl enable mariadb httpd 

httpサービスを許可するかfirewalldを終了する

 # systemctl stop firewalld 

あるいは

 # firewall-cmd --add-service=http 

(最後に永続化する)

MariaDBのセットアップ

 # mysql_secure_installation 

 NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 In order to log into MariaDB to secure it, we'll need the current
 password for the root user.  If you've just installed MariaDB, and
 you haven't set the root password yet, the password will be blank,
 so you should just press enter here.

 Enter current password for root (enter for none):
 OK, successfully used password, moving on...

 Setting the root password ensures that nobody can log into the MariaDB
 root user without the proper authorisation.

 You already have a root password set, so you can safely answer 'n'.

 Change the root password? [Y/n]
 New password:
 Re-enter new password:
 Password updated successfully!
 Reloading privilege tables..
  ... Success!


 By default, a MariaDB installation has an anonymous user, allowing anyone
 to log into MariaDB without having to have a user account created for
 them.  This is intended only for testing, and to make the installation
 go a bit smoother.  You should remove them before moving into a
 production environment.

 Remove anonymous users? [Y/n]
  ... Success!

 Normally, root should only be allowed to connect from 'localhost'.  This
 ensures that someone cannot guess at the root password from the network.

 Disallow root login remotely? [Y/n]
  ... Success!

 By default, MariaDB comes with a database named 'test' that anyone can
 access.  This is also intended only for testing, and should be removed
 before moving into a production environment.

 Remove test database and access to it? [Y/n]
  - Dropping test database...
  ... Success!
  - Removing privileges on test database...
  ... Success!

 Reloading the privilege tables will ensure that all changes made so far
 will take effect immediately.

 Reload privilege tables now? [Y/n]
  ... Success!

 Cleaning up...

 All done!  If you've completed all of the above steps, your MariaDB
 installation should now be secure.

 Thanks for using MariaDB!

↑ 基本的に rootパスワードを設定するところ以外はEnter叩いてそのまま進める。

MariaDBに接続する

 # mysql -uroot -p 

ユーザー情報を表示


 MariaDB [(none)]> 
 MariaDB [(none)]> select user,host from mysql.user;
 +------+-----------+
 | user | host      |
 +------+-----------+
 | root | 127.0.0.1 |
 | root | ::1       |
 | root | localhost |
 +------+-----------+
 3 rows in set (0.00 sec)

データベース名を表示


MariaDB [(none)]> show databases;
 +--------------------+
 | Database           |
 +--------------------+
 | information_schema |
 | mysql              |
 | performance_schema |
 +--------------------+
 3 rows in set (0.00 sec)

自分用のデータベースを作成する

MariaDB [(none)]> create database mgmtsheet;
> Query OK, 1 row affected (0.00 sec)

データベース名を表示(作成後)

 MariaDB [(none)]> show databases;
 +--------------------+
 | Database           |
 +--------------------+
 | information_schema |
 | mgmtsheet          |
 | mysql              |
 | performance_schema |
 +--------------------+
 4 rows in set (0.00 sec)

自分用のデータベースを作成

 MariaDB [mgmtsheet]> show tables;
Empty set (0.00 sec)

作成したデータベースを選択


 MariaDB [(none)]> use mgmtsheet
 Reading table information for completion of table and column names
 You can turn off this feature to get a quicker startup with -A

 Database changed

テーブルを作成する

CREATE TABLE `IPADDRESS` (
    `ADDRESS` VARCHAR(16) NOT NULL,
    `DECIMAL_ADDRESS` INT(10) UNSIGNED NOT NULL DEFAULT '0',
    `DESCRIPTION` VARCHAR(50) NOT NULL DEFAULT 'not assigned',
    PRIMARY KEY (`DECIMAL_ADDRESS`)
)
ENGINE=InnoDB
;
MariaDB [mgmtsheet]> show tables;
 +---------------------+
 | Tables_in_mgmtsheet |
 +---------------------+
 | IPADDRESS           |
 +---------------------+
 1 row in set (0.00 sec)

MariaDB [mgmtsheet]> desc IPADDRESS;
+-----------------+------------------+------+-----+--------------+-------+
| Field           | Type             | Null | Key | Default      | Extra |
+-----------------+------------------+------+-----+--------------+-------+
| ADDRESS         | varchar(16)      | NO   |     | NULL         |       |
| DECIMAL_ADDRESS | int(10) unsigned | NO   | PRI | 0            |       |
| DESCRIPTION     | varchar(50)      | NO   |     | not assigned |       |
+-----------------+------------------+------+-----+--------------+-------+
3 rows in set (0.01 sec)

専用ユーザーの作成と権限付与

MariaDB [(none)]> create user 'lab' identified by 'labpass' ;
MariaDB [(none)]> grant SELECT,UPDATE ON mgmtsheet.* TO 'lab' ;
Query OK, 0 rows affected (0.00 sec)

ユーザー確認

MariaDB [(none)]> select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| lab  | %         |
| root | 127.0.0.1 |
| root | ::1       |
| root | localhost |
+------+-----------+
4 rows in set (0.00 sec)

使用する範囲のIPアドレスを登録する

スクリプトを用意

dotdecip.awk
BEGIN {
gensql(10,10,3);
gensql(10,10,140);
}
function gensql(oct1,oct2,oct3){
        for (i=1;i<=254;i++) {
         printf("insert into IPADDRESS (ADDRESS,DECIMAL_ADDRESS) values ('%s.%s.%s.%i',%i);\n",oct1,oct2,oct3,i,decip(oct1,oct2,oct3,i));
        }
}

function decip(o1,o2,o3,o4){
return 254*254*254*o1+254*254*o2+254*o3+o4;
}

SQL文を生成

# gawk -f dotdecip.awk  > alladdr.sql

流し込む

 # mysql -uroot -p mgmtsheet < alladdr.sql 

確認

MariaDB [mgmtsheet]> select * from mgmtsheet.IPADDRESS;
+---------------+-----------------+--------------+
| ADDRESS       | DECIMAL_ADDRESS | DESCRIPTION  |
+---------------+-----------------+-------------+
| 10.10.3.1     |       164516563 | not assigned |
| 10.10.3.2     |       164516564 | not assigned |
| 10.10.3.3     |       164516565 | not assigned |
| 10.10.3.4     |       164516566 | not assigned |
| 10.10.3.5     |       164516567 | not assigned |
... 
| 10.10.140.249 |       164551609 | not assigned |
| 10.10.140.250 |       164551610 | not assigned |
| 10.10.140.251 |       164551611 | not assigned |
| 10.10.140.252 |       164551612 | not assigned |
| 10.10.140.253 |       164551613 | not assigned |
| 10.10.140.254 |       164551614 | not assigned |
+---------------+-----------------+--------------+
508 rows in set (0.00 sec)

編集用ページの作成 

作らずに、編集用ページにはAdminer Editor ( https://www.adminer.org/editor/ )を利用する。

ディレクトリ移動

# cd /var/www/html/ 

ダウンロードして配置する

 # wget https://github.com/vrana/adminer/releases/download/v4.2.5/editor-4.2.5-mysql-en.php

適当な名前にリネーム

 # mv editor-4.2.5-mysql-en.php editor.php

ブラウザでページを表示する

http://serveraddr/editor.php

ブラウザ経由では http://serveraddr/editor.php を表示できない(Forbidden)エラーが発生する場合,
以下2つが揃っているならば、SELINUXが原因と思われる。
- http://serveraddr/ はapacheのテストページを正しく返す
- ターミナル上で # php editor.php は正しそうな結果を返す

http://qiita.com/yunano/items/857ab36faa0d695573dd
/var/log/httpd/error_log, /var/log/audit/audit.log を調べてSE Linuxが原因でないかとか調べる。
SELINUXを無効にするか restorecon -RFv /var/www/htmlで解消できると思われる。

つづき

誘導用のページを作る

Editorにログインしてテーブルのレコードの1つの[Edit]のハイパーリンクを調べると、
/スクリプト名?username=ユーザー名&edit=テーブル名&where%5BDECIMAL_ADDRESS列%5D=DECIMAL_ADDRESSの値
となっていることがわかる。

ので、
/editor.php?username=lab&edit=IPADDRESS&where%5BDECIMAL_ADDRESS%5D=DECIMAL_ADDRESS

となっているこのリンク(ユーザー名、テーブル名、カラム名はべた書きする)へ飛ばすリンクを表示するページを作る。

index.php

<table border="1">
<tr> <th>IPADDRESS</th> <th>DESCRIPTION</th>
<?php
$dsn = 'mysql:dbname=mgmtsheet;host=localhost';
$user = 'lab';
$password = 'labpass';

try{
    $dbh = new PDO($dsn, $user, $password);
    $sql = 'select ADDRESS,DECIMAL_ADDRESS,DESCRIPTION from IPADDRESS ORDER BY DECIMAL_ADDRESS';
    foreach ($dbh->query($sql) as $row) {
        print('<tr>');
        print('<td>');
        print('<a href="/editor.php?username=lab&edit=IPADDRESS&where[DECIMAL_ADDRESS]='.$row['DECIMAL_ADDRESS'].'">');
        print($row['ADDRESS'].'</a></td>');
        print('<td>'.$row['DESCRIPTION'].'</td>');
        print('</tr>');
    }
}catch (PDOException $e){
    print('Error:'.$e->getMessage());
    die();
}

$dbh = null;

?>
</table>

テーブルが表示されてリンクからeditorのページに行ければ成功

FirewallDの設定を永続化する

OS再起動時にMariaDBとApacheは起動してもhttpの許可がされてないと外からブロックされるので。

 # firewall-cmd --add-service=http --permanent

おわり

使うのは社内のユーザーのみで使用状況見られてもかまわないし、編集用パスワードが知られてもそこまで困らない割り切りが前提にあります。

必要ならカラム足してもよし、index.phpの代わりに
$sql = 'select ADDRESS,DECIMAL_ADDRESS,DESCRIPTION from IPADDRESS ORDER BY DECIMAL_ADDRESS' WHERE で条件追加してinuse.phpやfree.phpみたいなページを作ってもよいと思います。

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
4